Merge branch 'fix/wifi_netif_null_deref' into 'master'

kapilkedawat · kapilkedawat · commit 1fa67f81f86e · 2024-10-01T21:34:18.000+08:00
esp_wifi: Add null pointer checks to WiFi-netif APIs

Closes IDFGH-7092

See merge request espressif/esp-idf!33946
diff --git a/components/esp_netif/test_apps/test_app_esp_netif/main/esp_netif_test_lwip.c b/components/esp_netif/test_apps/test_app_esp_netif/main/esp_netif_test_lwip.c
@@ -315,6 +315,17 @@ TEST(esp_netif, dhcp_server_state_transitions_mesh)
 #endif // CONFIG_ESP_WIFI_ENABLED && CONFIG_ESP_WIFI_SOFTAP_SUPPORT
 
 #ifdef CONFIG_ESP_WIFI_ENABLED
+/*
+ * This checks some semi-public API for null dereference
+ */
+TEST(esp_netif, wifi_netif_api_null_deref)
+{
+    esp_wifi_destroy_if_driver(NULL);   // returns void: just checking if won't crash
+    TEST_ASSERT_NOT_EQUAL(ESP_OK, esp_wifi_get_if_mac(NULL, NULL));
+    TEST_ASSERT_NOT_EQUAL(true, esp_wifi_is_if_ready_when_started(NULL));
+    TEST_ASSERT_NOT_EQUAL(ESP_OK, esp_wifi_register_if_rxcb(NULL, NULL, NULL));
+}
+
 /*
  * This test validates convenience API esp_netif_create_wifi() which creates WiFi station
  * or API with the specified inherent network config.
@@ -582,6 +593,7 @@ TEST_GROUP_RUNNER(esp_netif)
     RUN_TEST_CASE(esp_netif, create_delete_multiple_netifs)
     RUN_TEST_CASE(esp_netif, find_netifs)
 #ifdef CONFIG_ESP_WIFI_ENABLED
+    RUN_TEST_CASE(esp_netif, wifi_netif_api_null_deref)
     RUN_TEST_CASE(esp_netif, create_custom_wifi_interfaces)
     RUN_TEST_CASE(esp_netif, create_destroy_default_wifi)
 #endif
diff --git a/components/esp_wifi/src/wifi_netif.c b/components/esp_wifi/src/wifi_netif.c
@@ -114,6 +114,9 @@ wifi_netif_driver_t esp_wifi_create_if_driver(wifi_interface_t wifi_if)
 
 esp_err_t esp_wifi_get_if_mac(wifi_netif_driver_t ifx, uint8_t mac[6])
 {
+    if (ifx == NULL || mac == NULL) {
+        return ESP_ERR_INVALID_ARG;
+    }
     wifi_interface_t wifi_interface = ifx->wifi_if;
 
     return esp_wifi_get_mac(wifi_interface, mac);
@@ -123,14 +126,17 @@ bool esp_wifi_is_if_ready_when_started(wifi_netif_driver_t ifx)
 {
 #ifdef CONFIG_ESP_WIFI_SOFTAP_SUPPORT
     // WiFi rxcb to be register wifi rxcb on start for AP only, station gets it registered on connect event
-    return (ifx->wifi_if == WIFI_IF_AP);
+    return (ifx && ifx->wifi_if == WIFI_IF_AP);
 #else
     return false;
 #endif
 }
 
 esp_err_t esp_wifi_register_if_rxcb(wifi_netif_driver_t ifx, esp_netif_receive_t fn, void * arg)
 {
+    if (ifx == NULL || fn == NULL || arg == NULL) {
+        return ESP_ERR_INVALID_ARG;
+    }
     if (ifx->base.netif != arg) {
         ESP_LOGE(TAG, "Invalid argument: supplied netif=%p does not equal to interface netif=%p", arg, ifx->base.netif);
         return ESP_ERR_INVALID_ARG;
